REMARKS 



The specification has been amended in accordance with U.S. practice. 
Also new claims are presented based on the PCT prosecuted claims but 
drawn in accordance with U.S. practice. 
5 ' An Information Disclosure Statement is enclosed. 




Schiff, Hafdin LLP 
CUSTOMER NO. 26574 

10 Patent Department 

6600 Sears Tower 
233 South Wacker Drive 
Chicago, Illinois 60606 
Telephone: 312/258-5786 
1 5 Attorneys for Applicant. 



CH1\ 4246971.1 



10/5331*8 

,JCWI*KTOJnO 2 7APRZQ5S 



MARKED CO 



Method and Arrangomont for Auth e nt i cating a Contro l Un i t And 
Transm i tt i ng Authenticat i on Informat i on to th e Control Un i t 

SPECIFICATION 

5 TITLE 

METHOD AND ARRANGEMENT FOR AUTHENTICATING A 
CONTROL UNIT AND TRANSMITTING AUTHENTICATION INFORMATION 

TO THE CONTROL UNIT 

10 BACKGROUND 

The inv e nt i on preferred embodiment relates to a method and an 
arrangement for generating authentication information by means of which a 
data processing system performs an authentication of a control unit. The 
i nvention preferred embodiment further relates to a method and an 

15 arrangement for authenticating a control unit of an electrophotographic 
printing or copying system. 

Known electrophotographic printers and copiers have communication 
interfaces over which the control units and maintenance computers can be 
linked with the printer or copier for purposes of control, diagnostic analysis, 

20 and maintenance. In particular, security related settings of the printer or 
copier can be changed with the aid of the maintenance computers. If such 
modifications are performed by insufficiently qualified operators or 
unauthorized persons, e.g. over a network connection, the result may be a 
significant quality degradation and damage or destruction of assemblies of the 

25 printer or copier. 

In the case of known printers and copiers, a number of so-called user 
levels are provided, whereby a user can select a user level and verifies his 
authorization to select this user level by inputting a password. Furthermore, 
with known printers and copiers, unauthorized persons may be able to acquire 

30 information about the structure and control structure of the printer or copier 
through unsecured access with the aid of the communication interface of the 
printer or copier. System parameters such as meter counts of the printer or 
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copier, which may be used for billing purposes, can also be manipulated over 
the communication interface of known printers or copiers. 

The European Patent EP 0 513 549 A2 describes an arrangement for 
controlling and transmitting data between a host computer and a copier 
5 control, whereby the communication does not occur until the successful 
identification of the host computer with the aid of a password. A control unit 
for communication control is also provided. 

US 5,077,795 describes an electronic printing system in which the 
security of user data and user programs is ensured with the aid of a user 

10 profile for each user. The user profiles are managed by a security 
administrator on site or at a remote location. 

However, known access methods offer only an inadequate protection 
of the printer's internal data and settings. In particular, a substantial risk 
associated with passwords is that they can be spied out on with the aid of 

15 program modules that record the keyboard inputs. Another security risk 
associated with passwords is that they must be delivered to the respective 
user, whereby it often cannot be guaranteed that unauthorized parties will not 
acquire knowledge of the passwords during the transmission and/or delivery 
of the passwords. Nor is there any guarantee that authorized parties will not 

20 disseminate the passwords to unauthorized parties. An effective local 
protection of known printers or copiers could only be achieved by preventing 
unauthorized parties from gaining physical access to the communication 
interface of the printer or copier. But in that case the print data could not be 
transmitted to the printer over a network that is also linked to global networks 

25 such as the Internet over which unauthorized parties also have access to the 
printer. But such moasuros techniques also foreclose the possibility of remote 
maintenance, remote diagnostic analysis, or remote control of the printer by 
service specialists that are not on site. 

SUMMARY 

30 : Pbe An object of tho i nvention is to propose a method and an 

arrangement with which it is easy to authenticate a data processing system. 
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I n connect i on w i th the m e thod for auth e nt i cating a data processing 
syst e m, th e obj e ct i s achi e v e d by th e f e atures of c l a i m 1. — Advantag e ous 
dovo l opm e nts of th e inv e ntion ar e d e scrib e d i n th e subc l aims. 

In a method and arrangement for authenticating a data processing 
5 system, first information is generated by a first data processing system and 
delivered to a second data processing system for a control unit. First data are 
transmitted from the second data processing system to the first data 
processing system over a data line, the first data being generated by the 
second data processing system with aid of the first information and additional 
10 information contained in the second data processing system. Second data 
are generated by the first data processing system depending on the first data 
and transmitted from the first data processing system to the second data 
processing system. Authentication information for authenticating the second 
data processing system is generated by the second data processing system 
15 with aid of the second data. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a block wiring diagram of a system for generating and 
transmitting a key for authenticating a service and maintenance computer; 

Figure 2 is a control interface for reguesting the key at an authorization 

20 server; 

Figure 3 is a block circuit diagram for the authenticating of the service 
and maintenance computer by a printer; and 

Figure 4 is an output window with a test message that is output in the 
event of authorization failure. 

25 DESCRIPTION OF THE PREFERRED EMBODIMENT 

For the purposes of promoting an understanding of the principles of the 
invention, reference will now be made to the preferred embodiment illustrated 
in the drawings and specific language will be used to describe the same. It 
will nevertheless be understood that no limitation of the scope of the invention 
30 is thereby intended, such alterations and further modifications in the illustrated 
device, and/or method, and such further applications of the principles of the 
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invention as illustrated therein being contemplated as would normally occur 
now or in the future to one skilled in the art to which the invention relates. 

What a method for authenticating a data processing system with the 
features of patent c l a i m 1 achieves[[,]] is that the second data are supplied to 
5 the second data processing system in a very secure fashion, and with the aid 
of the second data, the second data processing system generates 
authentication information with which an authentication procedure can be 
advantageously executed automatically without intervention by a human 
operator. 

10 A second aspect of the i nvent i on preferred embodiment relates to an 

arrangement for authenticating a data processing system. A first data 
processing system generates first information. The first information is sent to 
a second data processing system of a control unit. The second data 
processing system generates first data with the aid of the first information and 

15 additional information that is contained in the second data processing system. 
The arrangement contains a data line over which first data are transmittable 
from the first data processing system to the second data processing system 
{sic}. The first data processing system generates second data depending on 
the first data. The second data are transmittable from the first data 

20 processing system to the second data processing system over the data line. 
With the aid of the second data, the second data processing system 
generates authentication information for authenticating the second data 
processing system. 

The effect of this i nv e nt i on arrangement of the preferred embodiment is 

25 that the generation and transmission of the second data for generating the 
authentication information by means of the second data processing system 
can be executed easily and without complex user intervention. Furthermore, 
because the second data processing system generates the authentication 
information with the aid of the second data, an authentication of the second 

30 data processing system by an additional data processing system aod/or the 
first data processing system is easy to realize. 
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A third aspect of the invent i on preferred embodiment relates to a 
method for authenticating a control unit of an electrophotographic printing or 
copying system. First data are stored in a first data processing system of the 
control unit. The first data processing system generates authentication 
5 information with the aid of the first data. With the aid of authentication data 
the authentication information is transmitted to a second data processing 
system of the printing or copying system. The authenticity of the first data 
processing system is checked [or: va l idated] or validated by the second data 
processing system. With the aid of the authentication data, access rights for 
10 the first data processing system are defined by the second data processing 
system. 

An authentication of the control unit and the defining of access rights of 
the control unit are very easy with th i s inv e nt i v e the method of the preferred 
embodiment . Complicated and costly user interventions by a human operator 

15 are not required in order to authenticate the control unit. 

A fourth aspect of the inv e ntion preferred embodiment relates to an 
arrangement for authenticating a control unit of an electrophotographic 
printing or copying system. First data are stored in a first data processing 
system of the control unit. The first data processing system generates 

20 authentication information with the aid of the first data. The first data 
processing system transmits authentication data to a second data processing 
system of the printing or copying system, which data contain the 
authentication information. The second data processing system checks the 
authenticity of the first data processing system, whereby it defines access 

25 rights of the first data processing system with the aid of the authentication 
data. With this i nv e ntiv e arrangement of the preferred embodiment an 
authentication of the control unit can be executed very easily by the control 
unit of the printing or copying system. Such authentication does not require 
intervention by a human operator. Furthermore, with this arrangement a very 

30 secure authentication of the control unit is performed, and foreign {off 
e xt e rna l ] or external access to the data processing system of the printing or 
copying system is prevented. 
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I n ord e r to g i v e a b e tt e r und e rstand i ng of th e pr e s e nt i nv e nt i on, 
preferred exemplify i ng embodiments of the i nv e ntion w i ll now b e d e scr i bed i n 
conn e ct i on w i th draw i ngs and i n r e f e r e nc e to sp e c i fic t e rm i no l ogy. How e v e r, 
th i s is not int e nd e d to l i mit th e scop e of protect i on of the i nvent i on, because 
5 th e a l terat i ons and furth e r mod i ficat i ons to th e d e v i c e s and/or th e m e thod 
r e pr e s e nt e d as w e l l as th e furth e r app li cat i ons of th e i nvent i on which ar e l aid 
out h e r ei n ar e consid e r e d common t e chnica l know le dg e th a t i s or wi ll b e 
known to a p e rson skilled i n th e art. — Th e f i gur e s r e pr e s e nt e xempl i fy i ng 
ombodimonts of the invent i on, nam e ly: 

10 F i gur e 1 : a b l ock w i r i ng d i agram of a syst e m for g e n e rat i ng and 

transmitt i ng a k e y 

for auth e nt i cat i ng a s e rv i c e and maint e nance comput e r; 

F i gure 2: a contro l interface [or: operat i ng surface] for request i ng 

th e k e y at an 
15 author i zat i on server; 

F i gur e 3: a block c i rcu i t diagram for th e auth e nt i cat i ng of th e 

service and 

maint e nanc e comput e r by a pr i nt e r; and 

F i gur e 4 : an output window with a tost mossago that i s outputted i n 

20 the 

event of authorization fa il ur e . 

Figure 1 represents a system 10 for generating and transmitting a key 
12 that serves for the authenticating of a service and maintenance computer 
14 by an additional data processing unit of a printer which is not represented. 

25 The system 10 contains an authorization server 16 that is linkable with the 
service and maintenance computer over a network connection 18. The 
generation and transmission of the key 12 is also referred to as an approval 
[or: r ele as e , e nabl e ] or enable procedure of the service and maintenance 
computer 14. A data connection between the service and maintenance 

30 computer 14 and the authorization server 16 is needed for this approval 
procedure, for instance over network 18. 
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The authorization server 16 generates what is known as a transaction 
number (TAN). The transaction number is a series of numbers and/or letters 
that a human operator must enter at the service and maintenance computer in 
order to execute the approval procedure. The transaction number generated 
5 by the authorization server 16 is sent to the operator by mail or e-mail. The 
operator is preferably a service technician from the printer manufacturer with 
a portable computer, a so-called notebook, as the service and maintenance 
computer 14. The service technician's service and maintenance computer 14 
is referred to hereinafter as the service notebook. 

10 After receiving the transaction number by mail or e-mail, the service 

technician starts a program module for executing the approval procedure on 
the service notebook 14. The service technician enters the transaction 
number by means of an interface and starts the approve operation. The 
program module detects a predetermined hardware identifier, for instance the 

15 serial number of the processor or of an adapter. A hardware identifier of this 
kind is also referred to as the fingerprint of the service notebook 14. The 
serial number and transaction number are transmitted to the authorization 
server 16 over the network connection 18. The authorization server 16 
checks the validity of the transaction number and defines an authorization 

20 level for the service notebook based on said number, which will subsequently 
determine the access rights of the service notebook 14 to the control units 
and databases of a printer when the notebook and printer are linked. 

The authorization server 16 also defines a validity date until which an 
authorization by a printer is possible with the aid of the generated key 12. A 

25 period in which a service notebook 14 can be approved with the aid of the 
transmitted transaction number is also defined. With the aid of the transmitted 
hardware identifier, validity date, and authorization level, the authorization 
server 16 generates what is known as a key 12, which contains this 
information in coded form and/or by means of which this information can at 

30 least be checked. The key 12 is transmitted over the network 18 to the 
service notebook 14 and stored in a memory area of the service notebook 14. 
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An approval procedure for approving the service notebook 14 is thus 
implemented by means of the system 10. The key 12 that is stored in the 
service notebook 14 as a result of this approval procedure contains the 
hardware identifier, expiration date and access rights of the service notebook 
5 14 in encrypted form. 

In other exemplifying embodiments, at least the hardware identifier, the 
expiration date, and the access rights can be checked with the aid of the key 
12. In other exemplifying embodiments the transaction number can also be 
generated by a separate institution. The transaction number must then be 

10 sent to the service technician for entry into the service notebook 14 and 
entered into the authorization server 16. The network link 18 according to 
Figure 1 is a connection via a wide area network such as the Internet. If an 
Internet connection such as this is chosen, the data transfer occurs with the 
aid of a secure transmission channel. 

15 Alternatively, in other exemplifying embodiments a point-to-point 

connection, e.g. by means of a modem, can be transmitted {s*g} over a public 
telephone network. In order to enhance transmission security, known 
encryption methods can be used for data transmission. Furthermore, with the 
aid of the system 10 a service technician can approve the service notebook 

20 14 from an arbitrary location that is linkable with the network 18. Thus it is 
also possible to approve the service notebook 14 from a customer's telephone 
terminal or any other telephone terminal. 

If the validity period of key 12 has expired, the service notebook 14 
must be reapproved. Reapproval is performed according to the same 

25 procedure described for the first approval of the service notebook 14. 

Different keys 12 are generated and delivered by the authorization 
server 16 for different notebooks at the same authorization level. However, 
the authorization level and validity period can be determined unambiguously 
from these different keys 12 without the respective key 12 itself having to be 

30 known to a data processing system of the printer that checks the authenticity 
of the service notebook 14. As a result, it is not necessary to inform all 
printers about which of the technician's notebooks 14 and which other control 
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units have authorization to access the database and/or control units of the 
respective printer. Such a service notebook 14 is linked with a printer locally 
or over a network connection 18 as a control unit, it being possible to read the 
printer's settings and transmit modified settings to it by means of the service 
5 notebook 14, to operate the printer by means of the service notebook 14, and 
to run a diagnostic analysis of the printer or its assemblies by means of the 
service notebook 14. 

For each individual parameter the authorization level until which a read 
and/or write access to this setting parameter is permitted can be defined by 

10 means of the printer software or firmware. Write access to setting parameters 
is advantageously allowed only to users with a high authorization level. 

Figure 2 represents a control interface 20 for approving the service 
notebook 14. The control interface 20 is generated with the program module 
for approving the notebook 14 that was started by the technician on the 

15 notebook 14 and outputt e d output on a display device of the notebook 14. 
With the aid of this control interface 20 the operator can choose the type of 
connection to the authorization server 16. The operator can enter or select 
the network address or, if the notebook 14 is connected to the authorization 
server 16 over a network connection of the World Wide Web of the Internet, 

20 the Internet address of the authorization server 16 in an input and output field 
22. Alternatively, a point-to-point connection of the service notebook 14 to 
the authorization server 16 can also be set with the aid of a selection field 24 
if, for example, the notebook 14 and the authorization server 16 are linkable 
over modems with the aid of a telephone network. For a point-to-point 

25 connection, the operator can enter the required data for the setup of the point- 
to-point connection in the input region 26. These data relate in particular to a 
log-in name and a password for setting up the connection and a telephone 
number via which the authorization server is reachable over the telephone 
network. A protocol is also selectable. 

30 Region 26 also contains an output field in which the connection status 

is displayed. A connection over the telephone network can be established 
with the aid of a graphic button 28. An existing connection can be interrupted 
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with the aid of the graphic button 30, and the setup and dismantling of a 
connection can be interrupted with the aid of the graphic button 32. The 
transaction number (TAN) that was sent is entered into input field 34. After 
inputting the transaction number, the operator can start the registration 
5 process at the authorization server with the aid of the graphic button 36, 
whereby the program module transmits the transaction number and the 
number of the processor of the service notebook 14 to the authorization 
server 16. The program module contains special program elements for 
detecting the serial numbers of the processor. 

10 As described above in connection with Figure 1, after checking the 

validity of the transaction number, the authorization server 16 determines a 
key 12 with the aid of the processor's serial number and other information. 
After the key 12 is generated, it is transmitted to the notebook 14. The key 12 
is stored in a dedicated memory area of the notebook 14. After the key 12 

15 has been successfully transmitted to the notebook 14, the button 38 is 
displayed as active that the notebook 14 has been successfully approved fsici 
p. 11, I . 14] . Activating the graphic button 38 terminates the approval 
operation and ends the running of the program module for approval. 

Figure 3 is a block wiring diagram representing the authentication of 

20 the notebook 14 by a printer 40. The notebook 14 is connected to the printer 
40 over a network connection 42. As explained above in connection with 
Figures 1 and 2, a key 12 is stored in the notebook 14, which contains 
information about the serial number of the processor, the validity period of the 
key, and the access rights of the service notebook 14. This information is 

25 preferably contained in the key 12 in coded form. Alternatively, this 
information can at least be checked with the aid of the key 12. 

Before the notebook 14 receives access to setting parameters and 
diagnostic functions of the printer 40, the printer 40 performs an authorization 
of the service notebook 14. To that e nd For that purpose , a program module 

30 of the printer detects the presence of the key 12 on the service notebook 14 
and the authorization level of the notebook 14 over the network 42. 
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The authorization by the printer 40 is preferably achieved through the 
challenge and response technique. The printer 40 transmits a random 
number to the service notebook 14. With the random number, the service 
notebook 14 performs a non-bypassable mathematical computation operation 
5 depending on the key 12. The result of this computation operation is 
transmitted to the printer 40 over the network connection 42. The printer 40 
checks the computation result by performing a mathematical computation 
operation that leads to the same result. If the two results match, then 
authentication of the notebook 14 by the printer 40 is successful. 

10 As already mentioned, in the printer 40 it is specified for each setting 

parameter of the printer 40 whether users with a particular authorization level 
have read and/or write access to the value of the setting parameter. The 
service notebook 14 is one such user. Upon the successful authentication of 
the notebook 14, the printer 40 transmits data for generating a graphic user 

15 interface for controlling, configuring, and servicing the printer 40 to the 
notebook 14. The transmitted data are processed by the notebook with the 
aid of a browser program module. The graphic user interface preferably 
contains control interfaces, which are selectably displayed with the aid of 
menus. 

20 The graphic user interface and the control interfaces are preferably 

designed in such a way that they are automatically adapted to the 
authorization level of the notebook 14. If the notebook 14 is not authorized for 
a read and/or write access of the setting value of a setting parameter based 
on the assigned authorization level, this setting value is not displayed or is 

25 displayed only as inactive. If the notebook 14 lacks authorization to execute a 
diagnostic function, then this diagnostic function is not offered, i.e. not 
displayed, with the control interface and/or the menu items. That way, the 
operating of the control interface at lower authorization levels is easier and 
more clearly arranged. 

30 With an authorization procedure such as the one described in 

connection with Figures 1 to 3, it is easy to prevent accidental or intentional 
manipulations and incorrect settings of setting parameters of the printing 
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system. It is possible for the service notebook 14 to access the printer over a 
direct data line on site as well as remotely over a network connection, e.g. 
over the Internet or a telephone network. That way, remote maintenance, 
remote control and remote diagnostic analysis are easy to perform. 
5 If the user interface for operating, configuring, and diagnostically 

analyzing the printer 40 is transmitted from the printer 40 to the notebook 14 
over the network 42 and displayed there with the aid of a display program 
module, e.g. with the aid of a browser, then all the notebook 14 requires is 
software for requesting and managing the key 12, which must be stored in a 
10 storage area or the notebook 14 in addition to its standard software and 
processed by the notebook 14. The standard software of the service 
notebook 14 comprises at least one operating system and one browser 
program module. 

The browser program module advantageously contains a Java 

15 Runtime program environment. The processing of Java Applets is very easy 
with the aid of this Java Runtime environment. With the aid of the Java 
Applets comprehensive operating, diagnostic, and configuration functions as 
well as a graphic user interface can be generated, which are outputt e d output 
via the browser program module. It is not necessary to transmit and verify 

20 passwords. In particular, an inherent risk of such a password is that[[,]] the 
password may be disseminated to another technician or operator, for example 
in the event that the service technician or operator is replaced for a weekend 
or during a vacation. Often these passwords are also written down and could 
reach unauthorized parties that way also. 

25 According to the i nvent i v e authentication of the preferred embodiment 

of the service notebook 14, the notebook contains all the data needed for its 
authentication. In the event of a substitution during a vacation or weekend, 
the notebook 14 is simply handed over to another technician or operator. The 
substitute technician or operator does not receive any information with which 

30 it is possible to access the printer 40 using another service notebook or 
another data processing system after returning the service notebook 14. 
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Figure 4 represents an output window with a text message that is 
outputt e d output on the notebook 14 in the event of unsuccessful approval 
and in the event of expiration of approval. With this text message the 
technician is informed that the notebook 14 is not approved and he has no 
5 access to service tools, diagnostic tools, or documentation. Using the graphic 
button 44, the operator can start the program module for approving the 
notebook 14, whereby the control interface represented in Figure 2 is 
outputt e d output . But approval as described in connection with Figure 2 is 
possible only if the operator has a valid transaction number. If graphic button 

10 46 is activated, the program module for approval is not started, and the 
service and diagnostic tools requiring an authorization level are not available 
to the technician at notebook 14, nor is service documentation. 

Alternatively to the serial number of the processor, a so-called MAC 
address of the network card contained in the service notebook 14 can be 

15 used as the hardware identifier. The MAC address is also referred to as the 
Ethernet address. The MAC address is a worldwide unique identifier of a 
network adapter. It is used in layer 2 of the OSI model for addressing. The 
MAC address is stored in a ROM memory of the network adapter and cannot 
be modified by means of program modules of the notebook 14. The MAC 

20 address is six bytes long and contains the manufacturer and the serial 
number of the respective network adapter in encrypted form. The MAC 
address is readable with known program modules. The MAC address thus 
serves as a unique identifier of the service notebook 14. 

Furthermore, it is expedient to provide several user groups, each with 

25 an authorization level allocated to it. With this kind of an authentication, 
customer data such as overlays, character sets, and other resources can be 
protected against unauthorized reading or modification. An authorization of 
other internal and external operating units of the printer can also be performed 
before these units are given access to the setting parameters and control 

30 functions of the printer. The unauthorized operating of the printer 40 that can 
occur over a network to which the printer 40 is linked is also prevented this 
way. A cryptography technique with which information is encoded and 
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decoded is preferably used, particularly an asymmetric or symmetric 
encryption technique. The key 12 can also contain a legitimation code. The 
key 12 is preferably a public key or a private key. Alternatively, a signature 
can be used instead of a key. 
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Despite the representation and detailed description of preferred 
exemplifying embodiments in the drawings and the description above, these 
should be understood purely as exemplary and not as limiting the invention. It 
bears emphasizing that only the preferred exemplifying embodiments are 
5 represented and described, and protection is intended to extend to all 
alterations and further modifications that are or will be within the scope of the 
invention. 



-16- 
MARKED COPY 



Ref e r e nc e Charact e rs 

+0 syst e m 

42 key 

44 s e rvic e not e book 

5 4§ authorizat i on s e rver 

18, 4 2 network/n e twork li nk 

20 control i nt e rfac e [or: op e rat i ng surfac e ] 

22 i nput and output f i e l d 

24 so l oct i on fi el d 

10 2€ r e g i on for input and output 

28, 30, 32, 36, 38 graphic buttons 

34 i nput fi e ld 

40 print e r 

44, 46 graph i c buttons 



15 
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ABSTRACT OF THE DISCLOSURE 

In a method and arrangement for authenticating a data processing 
system, first information is generated by a first data processing system and 
delivered to a second data processing system for a control unit. First data are 
5 transmitted from the second data processing system to the first data 
processing system over a data line, the first data being generated by the 
second data processing system with aid of the first information and additional 
information contained in the second data processing system. Second data 
are generated by the first data processing system depending on the first data 
10 and transmitted from the first data processing system to the second data 
processing system. Authentication information for authenticating the second 
data processing system is generated by the second data processing system 
with aid of the second data. 
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